Installing a file system in a data carrier

ABSTRACT

A method for installing a file system (26) in a portable data carrier (10) comprises the steps of reading in specification data (SD) that at least partly describe the file system (26) at the semantic level, interpreting the read-in specification data (SD) by means of a processor core (12) of the data carrier (10), and installing the file system (26) in accordance with the interpreted specification data (SD) in a memory (14) of the data carrier (10). A computer-readable data carrier (30) and a device (28) for initializing and/or personalizing a portable data carrier (10) are equipped for storing specification data (SD) and/or transferring them into a portable data carrier (10) in accordance with the invention. The invention makes available a technique for installing a file system (26) in a data carrier (10) that reduces the hitherto strong dependency between the file format used and internal aspects of the operating system of the data carrier (10).

The invention generally relates to the technical field of installing a file system in a portable data carrier such as, for example, a smart card or a chip module.

Before a data carrier can be ready for use, a file system has to be installed in it. This is typically done on the occasion of the initialization of the data carrier, i.e. the loading of data and/or programs that are identical for a large number of data carriers. With this loading of data, the structures and attributes of the file system (file tree, read rights, etc.) are also determined, either wholly or in part. The file system may also be installed during other manufacturing steps, for example during personalization, i.e. the loading of data that are individual to the data carrier and/or its subsequent user.

ISO 7816 is an industry standard that describes how a file system in accordance with the standard can be installed in smart cards. In particular, ISO 7816 describes the CREATE FILE command, with which the individual files of the file system and the associated file attributes can be installed one after another. The parameters of the CREATE FILE command are designed so that bit sequences from the data transmitted to the smart card are written into a memory of the smart card directly, i.e. without further transformation.

The precise format of the data transferred to the smart card for file system initialization is proprietary in most cases and may depend on the particular operating system of the card. This is particularly the case if the card comprises modifications or further developments as compared with the aforementioned standard, but also in other cases, because the standard leaves a certain room for interpretation. Furthermore, ever increasing use is made of smart cards whose file system cannot be initialized in accordance with ISO 7816, or for which this is at least not customary, a case in point being the Java Card™.

Given the strong machine orientation of the customary formats, special utility programs are needed for producing and processing the initialization data, and these must likewise be matched to the particular smart card used in each case and its operating system. Such a utility program, specially designed for the applicant's STARCOS® smart card operating system, is at present being marketed under the name STARMAG®. Here there also exists the problem that, on the one hand, the STARMAG® program cannot be used, or can be used only to a limited extent, for smart cards with other operating systems and that, on the other hand, possibly useful functions of other programs are not available for STARCOS® smart cards.

The problems mentioned so far exist not only with regard to the format of the data that are to be transferred onto the smart card, but also with regard to the data format in which the necessary information about the file system to be installed is transmitted to an initialization and/or personalization device for smart cards. Here, once again, use is made of proprietary formats that also depend on the smart cards to be processed in each case and therefore call for special utility programs.

The invention has the object of solving the aforementioned problems either wholly or in part. In particular, the invention is intended to make available a technique for installing a file system in a data carrier that reduces the hitherto strong dependency between the data format employed and internal aspects of the operating system of the data carrier. In preferred embodiments, utility programs and tools that are commonly available on the market should be universally usable, i.e. usable in connection with file system installation data for widely differing data carriers.

According to the invention, this object is either wholly or in part solved by means of a method with the features of Claim 1, a portable data carrier in accordance with Claim 8, an initialization and/or personalization device in accordance with Claim 9 and a computer-readable data carrier in accordance with Claim 10. The dependent claims define preferred embodiments of the invention.

The invention starts out from the combination of two basic ideas. First of all, use is made of specification data that describe the file system to be installed in the data carrier at least partly at the semantic level. Secondly, these specification data are interpreted by a processor core of the data carrier. In this connection, an interpretation is generally to be understood as a certain processing and transformation of the data. An unmodified writing of received bit sequences into a memory of the data carrier is generally not an interpretation in this sense.

The invention achieves a considerable abstraction from the details of the operating system of the data carrier. Since the interpretation of the specification data is undertaken by the data carrier itself, external systems do not need to know any internal aspects of the operating system and can instead be used in combination with widely differing types of data carriers. There is thus no need to make the data structures available in the special format needed for storage. The technical uniformity obtained in this manner yields considerable savings as regards equipment, software and the training of employees. Furthermore, the encapsulation of internal data structures increases the security of the overall system against undesired configuration errors or intentional manipulation, since the interpreter of the data carrier, and not an external tool, determines which bit sequences are written into the memory.

The order in which the steps of the method claims are enumerated is not to be understood as a limitation of the scope of protection. Rather, there are envisaged embodiments of the invention in which these method steps are carried out in a different sequence, or either wholly or partially in parallel, or either wholly or partially interleaved. In preferred embodiments, in particular, the specification data are read into the data carrier either piece by piece or in a continuous stream and in each case interpreted section by section, the parts of the file system determined by the interpretation always being written immediately into the memory of the data carrier.

In preferred embodiments of the invention the specification data describe the files of the file system and the associated file attributes. The file attributes can define security settings, for example read, write and execute rights, and/or protocol settings, for example a transfer by means of Secure Messaging or Secure Sockets Layer (SSL). Furthermore, the specification data may state relations between files of the file system, for example the relation that two files constitute a key pair, the relation that a file constitutes a certificate for a key, or the file/owner relation. Owing to these possible contents, the specification data in preferred embodiments represent a powerful means of description for the file system.

The specification data will preferably have a textual and/or portable and/or interoperable data format. Owing to these measures, tools and auxiliary programs can be used for different data carriers in the same manner. Some preferred embodiments make use of widely used standard data formats, for example XML (Extensible Markup Language), or formats corresponding to the encoding rules DER (Distinguished Encoding Rules), BER (Basic Encoding Rules) or PER (Packed Encoding Rules) that are provided for data structures defined in ASN.1 (Abstract Syntax Notation One).

For standardized data formats like the ones mentioned above, a multitude of universally usable tools is available. For example, specification data in the XML format can be visualized by means of customary web browsers. Numerous development engineers also already know formats of this type, so that no costly training is necessary. The specification data may be brought together in a single file or be made available in the form of several files.

The specification data are preferably presented to the initialization or personalization device already in the format in which they are then to be transferred to the data carrier. Such an embodiment has the advantage that the initialization or personalization device can be used for different data carriers with little or no configuration effort. Particularly if external service providers undertake the initialization or personalization, the specification data are preferably protected by cryptographic means, for example encryption and/or a signature, against manipulation and/or spying. The decryption and/or the checking of the signature can be undertaken by the data carrier itself, so that an attacker in the processing environment outside the data carrier neither sees the plaintext of the specification data nor can alter them undetected.

The portable data carrier, the initialization and/or personalization device and the computer-readable data carrier have, in preferred further embodiments, features that correspond to the features mentioned above and/or in the dependent claims. The computer-readable data carrier that contains the specification data in accordance with the invention does not necessarily need to be of a material nature. An electrical or electromagnetic signal, modulated in a way suitable for data transfer, can also be a computer-readable data carrier in this sense.

Further features, objects and advantages of the invention are apparent from the following description of several sample embodiments and embodiment variants. Reference is made to the schematic drawings, in which:

FIG. 1 shows a block diagram of components that play a part in a sample embodiment of a method in accordance with the invention, and

FIG. 2 shows an example representation of specification data that are given as an XML file.

FIG. 1 shows a portable data carrier 10 designed, for example, as a smart card or a chip module. In a manner that is known as such, the data carrier 10 is provided with a semiconductor chip in which there are formed a processor core 12, a memory 14 and an interface 16 for wire-based or wireless communication. The memory 14 comprises several areas implemented in different circuit technologies, i.e., in the present sample embodiment, a ROM area 18 with a mask-programmed read-only memory, a RAM area 20 with a volatile read/write memory and an area 22 with a non-volatile, re-writeable memory, for example an EEPROM, a flash memory, etc.

The ROM area 18 of the memory 14 contains the operating system and the programs of the data carrier executed by this operating system. In particular, an interpreter 24 is provided as part of the operating system, the function of which will be discussed in greater detail further on. A file system 26 is to be installed in the EEPROM area 22. FIG. 1 shows, for the sake of illustration, a section of the file system 26 that corresponds to ISO 7816 and comprises a root MF (master file) and several hierarchy levels of directories DF (dedicated file) and individual files EF (elementary file). In embodiment variants the file system 26 is established in accordance with other conventions or standards.

The data carrier 10 is connected to a device 28 that serves for the initialization and/or personalization of the data carrier 10. The device 28 can, for example, be provided in the form of an initialization or personalization system that is known as such or, in particularly simple embodiments, in the form of a computer with an appropriate interface for coupling to the data carrier 10. The device 28 reads specification data SD from a computer-readable data carrier 30 that can be designed, for example, as a diskette or a CD-ROM. In the present sample embodiment, the specification data SD are transferred as a command APDU (application protocol data unit) 32 to the data carrier 10.

The specification data SD contain a description at the semantic level of the file system 26 that is to be installed in the data carrier 10. In the present sample embodiment, this means that the specification data SD designate the structure of the file system 26, the file attributes and the relationships between files in an abstract form that is independent of the structure of the bit sequences of the administrative data to be installed in the memory 14. The specification data SD may be available as a single file or be distributed over several files. For example, a first specification file can be used for establishing user information, a second specification file for producing the structure of the file system 26 and a third specification file for combining files. If the specification data SD are distributed over several files, it is preferred to send a corresponding number of command APDUs 32 to the data carrier 10.

FIG. 2 shows an example of specification data SD that are given in a portable and interoperable XML format. The file types MF, DF and EF of the file system 26 are here represented by corresponding XML tags <MF . . . >, <DF . . . > and <EF . . . >, and the nesting of these tags in the specification data SD defines the tree structure of the file system 26 to be produced. File attributes in the file system 26 are represented in the specification data SD by means of corresponding XML attributes. Thus, for example, the fundamental name attributes FID (file identifier) and AID (application identifier) are represented as XML attributes of the tags <DF . . . > and <EF . . . >. Further XML attributes designate the file type (type) and the maximum size (maxsize) of the file.

In the present sample embodiment, the specification data SD also define security settings of the individual files, in FIG. 2, for example, by means of the XML attributes access, owner, group and mode. Furthermore, links between the files are also defined, in FIG. 2, for example, by means of the XML attribute LinkTo. Further pieces of information regarding the file system 26 to be created, or other initialization or personalization values for the data carrier 10, may also be contained in the specification data SD. Some examples of such pieces of information are shown in FIG. 2.

For initializing or personalizing the data carrier 10 in the system of FIG. 1, the specification data SD are first produced. Whenever a textual data format is involved, an ordinary text editor may serve for this purpose. An appropriate tool, for example an XML generator, may be used for differently structured data formats. A customary web browser may serve for visualization.

The produced specification data SD are stored in the computer-readable data carrier 30 and from there read into the initialization and/or personalization device 28. In the present sample embodiment, the device 28 does not carry out any processing of the contents of the specification data SD, but merely "packs" these data into a suitable command APDU 32 that is transferred to the portable data carrier 10.

The processor core 12 of the data carrier 10 receives the command APDU 32 via the interface 16 and extracts the specification data SD contained therein. Controlled by the interpreter 24, the processor core 12 interprets the specification data SD and installs the file system 26 described therein piece by piece in the EEPROM area 22 of the memory 14. The individual files are produced during this process and the file attributes, including the security settings corresponding to the interpreted specification data SD, are set. Further, relations between files are defined and other settings are made in accordance with the specification data SD.

In the present sample embodiment, the interpretation by the processor core 12 simply ignores unknown elements of the specification data SD, for example unknown XML tags. It is therefore possible for the format of the specification data SD to be supplemented or extended, and specification data SD in the extended format can still be interpreted by data carriers 10 that do not comprehend the extension. The structural identity of the known elements of the specification data format is therefore not lost. As a consequence, an extension that an older data carrier 10 does not understand is dropped without notice and has no effect on the file system 26 installed there.

The specification data SD may be present in the computer-readable data carrier 30 and/or during the transfer to the data carrier 10 in encrypted or signed form. The decryption and/or signature check then takes place in the portable data carrier 10. Since in the present sample embodiment the device 28 does not modify the contents of the specification data SD, there is no need for decryption to be undertaken there. No secured environment is therefore needed for the initialization and/or personalization process as far as the confidentiality and integrity of the specification data SD are concerned.
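The installation flow of FIGS. 1 and 2 in one runnable model, as an added example that is not part of the original application and not the applicant's STARCOS® or STARMAG® code: the device 28 "packs" the specification data SD into chained command APDUs 32 without reading them; the data carrier 10 reassembles the chain, checks the SD before anything is written, and the interpreter 24 builds the MF/DF/EF tree from the XML, dropping unknown elements and attributes and resolving the LinkTo relation once all files exist. The sample XML is constructed in the style of FIG. 2, not copied from it. The INS code 0xE2, the shared key, the use of an HMAC as a stand-in for the signature check the description leaves open, the status words and the rule that FIDs are unique card-wide are assumptions of this example.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample in the style of FIG. 2 (not the figure itself);
# <Comment> stands for an element added later that older cards must ignore.
SAMPLE_SD = b"""<MF>
  <DF FID="3F01" AID="A000000001">
    <EF FID="0001" type="transparent" maxsize="256" access="read" owner="issuer" group="users" mode="rw-r--"/>
    <EF FID="0002" type="transparent" maxsize="64" access="never" LinkTo="0001"/>
    <Comment>ignored by cards that predate this element</Comment>
  </DF>
</MF>"""

KEY = b"constructed demo key shared by issuer and card"  # assumption
INS_INSTALL = 0xE2   # hypothetical INS code for "install from specification data"
MAX_DATA = 255       # short-APDU data field limit (1-byte Lc)
SW_OK, SW_SECURITY, SW_WRONG_DATA = 0x9000, 0x6982, 0x6A80
KNOWN_TAGS = {"MF", "DF", "EF"}
KNOWN_ATTRS = {"FID", "AID", "type", "maxsize", "access", "owner", "group", "mode", "LinkTo"}


def pack_apdus(sd, key=KEY):
    """Device 28: append a MAC over the SD (stand-in for the signature the
    description leaves open) and split the result into chained command APDUs.
    The device never looks inside the SD."""
    payload = sd + hmac.new(key, sd, hashlib.sha256).digest()
    chunks = [payload[i:i + MAX_DATA] for i in range(0, len(payload), MAX_DATA)]
    apdus = []
    for i, chunk in enumerate(chunks):
        cla = 0x00 if i == len(chunks) - 1 else 0x10   # 0x10: more chunks follow
        apdus.append(bytes([cla, INS_INSTALL, 0x00, 0x00, len(chunk)]) + chunk)
    return apdus


class File:
    """One MF/DF/EF entry as the interpreter lays it down in 'EEPROM'."""
    def __init__(self, kind, parent, attrs):
        self.kind, self.parent, self.children, self.link = kind, parent, [], None
        # unknown XML attributes are dropped, known ones become file attributes
        self.attrs = {k: v for k, v in attrs.items() if k in KNOWN_ATTRS}

    def fid(self):
        return self.attrs.get("FID", "3F00" if self.kind == "MF" else None)


class Card:
    """Data carrier 10: reassembles the chain, checks the MAC, then lets the
    interpreter 24 turn the XML into a file tree. Nothing is committed unless
    the whole specification is valid."""
    def __init__(self, key=KEY):
        self.key, self.buf, self.root, self.files = key, bytearray(), None, {}

    def receive(self, apdu):
        cla, ins, _p1, _p2, lc = apdu[:5]
        data = apdu[5:]
        if ins != INS_INSTALL or len(data) != lc:
            return SW_WRONG_DATA
        self.buf += data
        if cla & 0x10:
            return SW_OK                       # wait for the next chunk
        payload, self.buf = bytes(self.buf), bytearray()
        return self._install(payload)

    def _install(self, payload):
        sd, tag = payload[:-32], payload[-32:]
        if not hmac.compare_digest(tag, hmac.new(self.key, sd, hashlib.sha256).digest()):
            return SW_SECURITY                 # tampered or unsigned: nothing is written
        try:
            root = ET.fromstring(sd)
        except ET.ParseError:
            return SW_WRONG_DATA
        if root.tag != "MF":
            return SW_WRONG_DATA
        files = {}
        tree = self._create(root, None, files)
        if tree is None:
            return SW_WRONG_DATA
        for f in files.values():               # relations are resolved once all files exist
            target = f.attrs.get("LinkTo")
            if target is not None:
                if target not in files:
                    return SW_WRONG_DATA       # dangling link
                f.link = files[target]
        self.root, self.files = tree, files    # commit to 'EEPROM' only on success
        return SW_OK

    def _create(self, elem, parent, files):
        f = File(elem.tag, parent, elem.attrib)
        fid = f.fid()
        if fid is None or fid in files:        # missing or duplicate FID (assumption: unique card-wide)
            return None
        files[fid] = f
        for child in elem:
            if child.tag not in KNOWN_TAGS:
                continue                       # unknown element: skipped, known tree intact
            c = self._create(child, f, files)
            if c is None:
                return None
            f.children.append(c)
        return f
```

Two design points follow from the description rather than from the code. Checking the MAC before interpreting means the card buffers the whole SD and does not write anything until the last APDU has arrived; the section-by-section variant of the description, where each interpreted part is written immediately, would need integrity protection per section instead of one tag at the end. And the standard-library XML parser stands in here only for illustration; an interpreter inside a card would parse a fixed XML subset without DTDs or entity expansion, so that the input cannot make the parser allocate more than the card has.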

1. A method for installing a file system in a portable data carrier that is provided with a processor core and at least one memory, the method comprising the steps: reading in of specification data that describe the file system at least in part at a semantic level, interpreting the read-in specification data by the processor core, and installing the file system in accordance with the interpreted specification data in the at least one memory of the data carrier.
2. The method in accordance with claim 1, wherein the specification data describe a file structure of the file system inclusive of file attributes.
3. The method in accordance with claim 2, wherein the file attributes designate at least one of the following: security settings, protocol settings, user/group associations.
4. The method in accordance with claim 1, wherein the specification data designate relations between files of the file system.
5. The method in accordance with claim 1, wherein the specification data are given in at least one of the following: a textual format, a portable format, and an interoperative format.
6. The method in accordance with claim 1, wherein the specification data are given in XML.
7. The method in accordance with claim 1, wherein the specification data are cryptographically protected against at least one of manipulation and spying.
8. A portable data carrier, comprising a processor core and at least one memory, the portable data carrier being adapted for reading in specification data that describe a file system at least in part at a semantic level, interpreting the read-in specification data by the processor core, and installing the file system in accordance with the interpreted specification data in the at least one memory.
9.-10. (canceled)
11. The method in accordance with claim 1, wherein the specification data are given in an encoding in accordance with the encoding rules for ASN.1-defined data structures.
12. The portable data carrier in accordance with claim 8, wherein the portable data carrier is at least one of a smart card and a chip module.
13. The portable data carrier in accordance with claim 8, wherein the specification data describe a file structure of the file system inclusive of file attributes.
14. The portable data carrier in accordance with claim 13, wherein the file attributes designate at least one of the following: security settings, protocol settings, and user/group associations.
15. The portable data carrier in accordance with claim 8, wherein the specification data are given in XML.
16. A device for initializing and/or personalizing a portable data carrier that comprises a processor core and at least one memory, the device being adapted for transferring to the portable data carrier specification data that at least partly describe at a semantic level a file system to be installed in the portable data carrier, the specification data being adapted for being interpreted by the processor core of the portable data carrier in order to install the file system in accordance with the interpreted specification data in the at least one memory of the portable data carrier.
17. The device in accordance with claim 16, wherein the specification data describe a file structure of the file system inclusive of file attributes.
18. The device in accordance with claim 17, wherein the file attributes designate at least one of the following: security settings, protocol settings, and user/group associations.
19. A computer-readable data carrier containing specification data that describe a file system at least in part at a semantic level, the specification data being designed to be read into a portable data carrier that comprises a processor core and at least one memory, the specification data further being designed to be interpreted by the processor core of the portable data carrier in order to install the file system in accordance with the interpreted specification data in the at least one memory of the portable data carrier.
20. The computer-readable data carrier in accordance with claim 19, wherein the specification data describe a file structure of the file system inclusive of file attributes.
21. The computer-readable data carrier in accordance with claim 20, wherein the file attributes designate at least one of the following: security settings, protocol settings, and user/group associations.
22. The computer-readable data carrier in accordance with claim 19, wherein the specification data are given in XML.